class NotesController < ApplicationController
  before_filter :login_required
  
  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
  verify :method => :post, :only => [ :destroy, :create, :update ],
  :redirect_to => { :action => :show }
  
  def show
    @notes = Note.find_all_by_task_id(params[:id], {:order=>'created_on desc'})
  end
  
  def create
    note            = Note.new(params[:new])
    note.task_id    = params[:task_id]
    note.user_id    = session['user'].id
    note.updated_by = session['user'].id
    note.save!
    redirect_to :action => 'show', :id => params[:task_id]
  end
  
  def edit
    @note = Note.find(params[:id])
  end
  
  def update
    note = Note.find(params[:id])
    
    if note.update_attributes(params[:note])
      flash[:notice] = 'Note was successfully updated.'
      redirect_to :action => 'show', :id => note.task_id
    else
      render :action => 'edit'
    end
  end
  
  # Ajaxed
  def delete
    id = params[:id]
    #t = Note.find(id)
    #render(:text=>'-1') and return if t == nil or not session['user'].projects.map {|p| p.id}.include?(t.project_id)
    if Note.destroy(id)
      render(:text=>"#{id}")
    else
      render(:text=>'-1')
    end
  end
end
